Irfanview
CVE-2019-13243
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00000000000249c6.
AnalysisAI
IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00000000000249c6. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00000000000249c6. Affected products include: Irfanview.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).
Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute a
In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x00000000
IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x0000000000013a98. Rated high severity (CVSS 7.8), th
irfanView 4.56 contains an error processing parsing files of type .pcx. Rated high severity (CVSS 7.5), this vulnerabili
Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote
Irfanview v4.62 allows a user-mode write access violation via a crafted JPEG 2000 file starting at JPEG2000+0x0000000000
An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. Rated high
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038ed4. Rated hig
Heap-based buffer overflow in IrfanView before 4.37 allows remote attackers to execute arbitrary code via the LZW code s
Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary code via a crafted RLE
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows remote attackers to execute arbitrary code or cause a denial
IrfanView version 4.44 (32bit) with FPX Plugin 4.45 allows remote attackers to execute arbitrary code or cause a denial
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today